Microsoft, FBI Disrupt Cyber Scheme Linked to $500M Bank Theft

Microsoft (MSFT) has teamed with federal law enforcement to disrupt the technology supporting a cybercrime ring that has drained funds from accounts at some of the nation's biggest banks.

The software giant and the FBI on Wednesday shuttered roughly 1,000 of about 1,400 connected computers that were allegedly used to steal more than $500 million from financial institutions over the past 18 months, the company said late Wednesday.

The network of so-called botnets known as Citadel infected as many as 5 million computers worldwide and facilitated thefts from a string of financial institutions, including JPMorgan Chase (JPM), Bank of America (BAC), Citigroup (NYSE:C), Wells Fargo (WFC), Credit Suisse (CS), American Express (AXP) and PayPal (EBAY), according to Reuters, which first reported the operation.

Using malware, the perpetrators were able to monitor and record account holders' keystrokes, which gave them the access needed to withdraw money from accounts or steal personal information, Microsoft said.

Neither Microsoft nor the FBI specified the extent of losses at individual banks or accounts.

Representatives for Amex, Citi and Wells Fargo declined to comment. Amex cited the company's continuing work with law enforcement. Representatives for other financial institutions did not immediately respond to inquiries.

The perpetrators reportedly remain at large. The FBI reportedly is working with law enforcement officials abroad to apprehend suspects in what is described as a probe in its advanced stages.

The group's leader allegedly goes by the alias Aquabox but is otherwise unidentified, according to papers filed by Microsoft with the U.S. District Court in Charlotte.

"In our most aggressive botnet operation to date, the Microsoft Digital Crimes Unit worked with leaders of the financial services industry, other technology industry partners and the [FBI] to disrupt a massive cyber threat responsible for stealing people's online banking information and personal identities," Richard Boscovich, Microsoft's assistant general counsel for digital crimes, wrote Wednesday evening in a post on the company's blog. "With a court ordered civil seizure warrant...Microsoft executed a simultaneous operation to disrupt more than 1,400 Citadel botnets which are responsible for over half a billion dollars in losses to people and businesses worldwide."

"Due to Citadel's size and complexity, we do not expect to fully take out all of the botnets in the world using the Citadel malware," Boscovich added. "However, we do expect that this action will significantly disrupt Citadel's operation, helping quickly release victims from the threat and making it riskier and more costly for the cybercriminals to continue doing business."

The creator of the botnet bundled the malicious software with pirated versions of the Windows operating system that the thieves used to take over personal computers in the U.S., Europe, Australia, India and Hong Kong, Microsoft said.

The scheme's architect is said to direct the campaign from Eastern Europe. The Citadel botnets reportedly have been programmed to avoid attacking computers or financial institutions in Russia or the Ukraine.

The Financial Services Information Sharing and Analysis Center, the American Bankers Association and Nacha, the electronic payments association, assisted in the takedown, according to Microsoft.

U.S. banks usually reimburse consumers who are victims of fraud but the banks may require business customers to incur the losses, an American Bankers Association spokesman told Reuters.
